Those who've been reading my XML tips for any length of time, especially recently, will know that I just finished up a marathon 9-part collection of same on the subject of XSLT. After a brief hiatus, I'm now playing catch-up for all the cool XML specifications, tools and technologies I didn't have time to cover while dispatching that XSLT magnum opus. That explains why I'm reporting on something significant, but a little bit dated here. The API spec that provides the subject for this tip was actually released in final form on 7/12/2005.
Nevertheless, the Java XML Digital Signature API (JSR 105) Version 1.0 is worth covering for a variety of reasons, not least of which is that it makes a standard programming interface available to Java that complies with a variety of related W3C recommendations, including:
• XML-Signature Syntax and Processing
• XML-Signature XPath Filter 2.0
• Exclusive XML Canonicalization Version 1.0
This work is a joint effort that involved Sun, IBM and other companies under the direction of specification leads Anthony Nadalin (IBM) and Sean Mullan (Sun), who jointly now occupy the role of JSR 105 maintenance lead. JSR 105's approval involved affirmation votes from the Apache Software Foundation, Apple Computer, BEA Systems, Fujitsu, HP, IBM, Intel, IONA Technologies, JBoss, Nortel Networks, SAP AG, and Sun Microsystems.
JSR 105 provides a Java API that developers can use to generate and validate XML signatures. It is also usable for Java programmers who might wish to implement JSR 105 and then register it as a cryptographic service for a JCA provider, a package or set of packages that supply a working implementation of the Java 2 DSK Security API cryptography features whether in whole or in part.
XML Signatures may be applied to any kind of digital content, including XML documents themselves. Signatures also apply to the content of one or more resources, where enveloped or enveloping signatures apply to data within the same XML document as the signature or where detached signatures apply to data external to the signature element itself. The specification also details with how to create and use XML signature elements and XML signature applications, while meeting proper conformance requirements. It explains methods to reference collections of resources and algorithms, as well as keying and management information.
The API specification consists of 6 packages:
• Javax.xml.crypto includes common classes for XML cryptography
• Javax.xml.crypto.dsig includes interfaces for the core elements defined in the W3C XML digital signature recommendation
• Javax.xml.crypto.dsig.spec includes interfaces and classes to represent input parameters for digest, signature, transform or canonicalization algorithms used to process XML signatures
• Two other packages relate to W3C DOM-specific classes
• A KeyInfo package supplies classes to parse and process KeyInfo elements and structures
About the author
Ed Tittel is a full-time writer and trainer whose interests include XML and development topics, along with IT Certification and information security topics. E-mail Ed with comments, questions, or suggested topics or tools for review.